Description

“ZeroAccess.hr” is a family of rootkits that infects the Windows operating system. Over the last few months there has been a major shift in the way it infects a machine. Earlier variants infected the kernel by overwriting system files with their kernel-mode component, so that it would run at elevated privilege when the system boots; this version has no kernel-mode component and operates entirely in user space. “ZeroAccess.hr” is usually installed on a system by a malicious executable. Once this dropper is executed, it installs the rootkit, which performs the actions described in this document.

Methods of Infection

ZeroAccess is usually installed by a dropper component that may reach the machine from different sources.
One common way machines get infected is by downloading and running small executable files advertised as cracks for commercial applications. These crack tools are found on many websites devoted to distributing cracked software. Such sites are also known to distribute malicious files and exploits, so avoiding unknown websites lowers the chance of infection.

ZeroAccess.HR is the detection name for this rootkit family, which uses rootkit techniques to hide itself. It is often installed through drive-by-download attacks from malicious web sites. The Trojan downloads other malicious files onto the machine. It also has the capability to perform Denial of Service (DoS) or Distributed DoS (DDoS) attacks. In addition, it connects to remote hosts on port 16464, which gives defenders a network indicator to look for in firewall and proxy logs.

Modifications made to the system registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).